]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
projects / thirdparty / openssh-portable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f9a9aab)
- djm@cvs.openbsd.org 2014/02/27 08:25:09
authorDamien Miller <djm@mindrot.org>
Thu, 27 Feb 2014 23:00:57 +0000 (10:00 +1100)
committerDamien Miller <djm@mindrot.org>
Thu, 27 Feb 2014 23:00:57 +0000 (10:00 +1100)
     [bufbn.c]
     off by one in range check

ChangeLog patch | blob | blame | history
bufbn.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 416f4b58c95aa4058720e514ea1e2cdd1eb9cf20..f91963720a8ae0321ae9d4c40d46af0a27e47318 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [bufbn.c]
      fix unsigned overflow that could lead to reading a short ssh protocol
      1 bignum value; found by Ben Hawkes; ok deraadt@
+   - djm@cvs.openbsd.org 2014/02/27 08:25:09
+     [bufbn.c]
+     off by one in range check
 
 20140227
  - OpenBSD CVS Sync
diff --git a/bufbn.c b/bufbn.c
index 40e8ed4d54e32798269cb8768a50cfc7ca64f6fd..1d2e01266eebecc81b5b573f368a1ef638440578 100644 (file)
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.10 2014/02/27 00:41:49 djm Exp $*/
+/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -108,7 +108,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
                return (-1);
        }
        bits = get_u16(buf);
-       if (bits > 65536-7) {
+       if (bits > 65535-7) {
                error("buffer_get_bignum_ret: cannot handle BN of size %d",
                    bits);
                return (-1);
Mirror of https://github.com/openssh/openssh-portable.git